1# 2 3comment "Security feature depends on linux kernel" 4 depends on RK_KERNEL_CFG = "" 5 6comment "Security feature would use it's own initrd" 7 depends on RK_ROOTFS_INITRD 8 9if RK_KERNEL_CFG != "" && !RK_ROOTFS_INITRD 10 11menu "Security" 12 13config RK_SECURITY 14 bool "security feature" 15 select RK_USE_FIT_IMG # Security feature depends on FIT image 16 select RK_UBOOT_SPL # Security feature depends on U-Boot SPL loader 17 18if RK_SECURITY 19 20config RK_SECURITY_INITRD_BASE_CFG 21 string "buildroot security ramdisk base cfg (rockchip_<cfg>_ramboot_defconfig)" 22 default RK_CHIP_FAMILY 23 help 24 Base name of buildroot defconfig for security ramdisk. 25 26config RK_SECURITY_INITRD_CFG 27 string 28 default "rockchip_${RK_SECURITY_INITRD_BASE_CFG}_ramboot" 29 30config RK_SECURITY_INITRD_TYPE 31 string "security ramdisk filesystem type (cpio/cpio.gz/romfs)" 32 default "cpio.gz" 33 34config RK_SECURITY_FIT_ITS 35 string "its script for FIT security ramboot image" 36 default RK_RECOVERY_FIT_ITS if RK_RECOVERY_FIT_ITS != "" 37 default "boot4recovery.its" 38 39comment "Security check method (DM-V) needs squashfs rootfs type" 40 depends on RK_ROOTFS_TYPE != "squashfs" 41 42config RK_SECURITY_CHECK_METHOD 43 string 44 default "DM-E" if RK_SECURITY_CHECK_DM_E 45 default "DM-V" if RK_SECURITY_CHECK_DM_V 46 47choice 48 prompt "security check method (DM-E|DM-V)" 49 default RK_SECURITY_CHECK_DM_E if RK_CHIP_FAMILY = "rk3566_rk3568" 50 51config RK_SECURITY_CHECK_DM_E 52 bool "DM-E" 53 54config RK_SECURITY_CHECK_DM_V 55 bool "DM-V" 56 depends on RK_ROOTFS_TYPE = "squashfs" 57 58endchoice 59 60comment "Burn security key is dangerous and cannot be reverted!" 61 depends on RK_SECURITY_BURN_KEY 62 63config RK_SECURITY_BURN_KEY 64 bool "burn security key" 65 help 66 Burn security key's hash to non volatile memory. 67 68endif 69 70endmenu # Security 71 72endif 73